Tenable Lumin

FAQs

What is Tenable Lumin?

Tenable Lumin enables organizations to effectively measure their cyber risk and benchmark their performance internally against different groups as well as externally against industry peers. To accomplish this, Tenable combines data about the real-world threat vulnerabilities pose with asset criticality context to calculate a Cyber Exposure Score, transforming raw technical data into business insights.

How does Tenable Lumin work?

Tenable Lumin combines a number of data sources, such as vulnerability data, threat intelligence and asset criticality, to help security leaders quantify cyber risk and maximize cyber risk reduction. Tenable Exposure.ai technology utilizes the industry’s most extensive vulnerability intelligence and one of the industry’s largest data science organizations, which enables us to deliver comprehensive benchmarking capabilities to compare your cyber risk with peers and machine learning algorithms to provide accurate cyber risk calculations.

What is the Cyber Exposure Score (CES) and how is it derived?

The Cyber Exposure Score is an objective measure of cyber risk, derived through data science-based measurement of vulnerability data together with threat intelligence and asset criticality. The score is automatically generated through machine learning algorithms which combine the Tenable Vulnerability Priority Rating (VPR), for the likelihood of exploitability, with the Tenable Asset Criticality Rating (ACR), for the business criticality of the impacted asset. Organizations can also leverage scoring to trend improvement over time as a measure of security program effectiveness. It is a number between 0 and 1000, where 0 is least exposed and 1000 is most exposed. A Cyber Exposure Score can be applied to any group of assets, either a single asset, a subset or an entire organization. For more information on CES, please read this white paper.

What is the Asset Criticality Rating (ACR) and how is it derived?

The Asset Criticality Rating is an objective measure of the criticality of an asset to an organization. The rating is calculated via a machine learning algorithm and based on asset attributes derived from vulnerability scan results, such as whether the device is exposed to the Internet, the type of device and device functionality. The ratings are calculated automatically after each scan and are updated every 24 hours. ACR is a number between 0 and 10, where 0 is the lowest criticality level and 10 is the highest criticality level. For more information on ACR, please read this white paper.

What Is Predictive Scoring?

Predictive Scoring in Tenable Lumin employs machine learning technologies to accurately prioritize the remediation of assets that have yet to receive an authenticated scan. By examining the criticality of vulnerabilities found on devices receiving authenticated scans, Predictive Scoring can infer the Asset Exposure Score of similar devices that have yet to receive authenticated scans. The result is a much more accurate and comprehensive insight into an organization’s overall Cyber Exposure.

What is the Assessment Maturity Score and how is it derived?

Assessment Maturity is a single metric that quantifies how an organization is scanning their environment. It provides this insight by computing two underlying components:

1. Scan Frequency How frequently organizations scan each asset in their network
2. Scan Depth How deeply or thoroughly they scan each asset for vulnerabilities

Organisations are assigned a grade for their Scan Frequency, Scan Depth and overall Assessment Maturity scores along with comparisons to their industry peers and the overall population. Via such grading, organizations can compare their efforts to others and improve their processes accordingly.

What is the Remediation Maturity Score and how is it derived?

Remediation Maturity measures your speed and efficiency in remediating vulnerabilities found in your organization.

It answers such questions as:

• How quickly am I remediatiating vulnerabilities?
• What is the % of assets remediated, the % of vulnerabilities remediated?
• How targeted am I with my remediation efforts? Am I focusing on Critical and High vulnerabilities?

Organizations are assigned a grade for their Remediation Responsiveness and Remediation Coverage along with comparisons to their industry peers and the overall population. Via such grading, organizations can compare their efforts to others and improve their processes accordingly.

How are benchmarking scores derived?

Benchmarking in Tenable Lumin is based on the most extensive vulnerability data and intelligence in the industry. Tenable processes over 1.5 billion instances of vulnerabilities per week and analyzes exposure trends and cyber hygiene maturity from more than 4.5 petabytes of data to create the benchmarking knowledge base.

Can I customize the factors that influence my Cyber Exposure Score (CES)?

Yes, you are able to manually adjust the Asset Criticality Rating of your assets, which will automatically recalculate your CES based on your customized input. In the future, we will introduce product enhancements that will allow you to customize additional CES factors.

How is Tenable Lumin different from Tenable Vulnerability Management and Tenable Security Center?

Tenable Lumin is a separate application that helps you translate raw vulnerability data into business insights by objectively measuring your Cyber Exposure to help guide your strategic decision making. Tenable Lumin works in conjunction with both Tenable Vulnerability Management and Tenable Security Center to incorporate asset and vulnerability data to quantify and analyze your cyber risk.

What vulnerability management products are supported today in Tenable Lumin?

Tenable Lumin is supported by both Tenable Vulnerability Management and Tenable Security Center.

What is the Tenable Lumin pricing model?

Tenable Lumin pricing is based on the total assets count of the Tenable Vulnerability Management container and/or Tenable Security Center deployment. Example pricing is available on request.

Is Tenable Lumin available in both cloud and on-prem deployments?

Tenable Lumin is available as a cloud-based, software-as-a-service (SaaS) solution.